mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #14724 from nextcloud/enh/nonce_for_iframes 

CSP: set nonce for iframes
This commit is contained in:
Morris Jobke 2019-03-18 16:17:18 +01:00 committed by GitHub
parent 4824d278f9 4d8e1f6c67
commit 458359563b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
View File

@ -468,7 +468,11 @@ class EmptyContentSecurityPolicy {
}
if(!empty($this->allowedFrameDomains)) {
$policy .= 'frame-src ' . implode(' ', $this->allowedFrameDomains);
$policy .= 'frame-src ';
if(is_string($this->useJsNonce)) {
$policy .= '\'nonce-' . base64_encode($this->useJsNonce) . '\' ';
}
$policy .= implode(' ', $this->allowedFrameDomains);
$policy .= ';';
}